- ServiceNow Fixes Critical AI Platform Vulnerability (CVE-2025-12420) That Enables User Impersonation
- “BodySnatcher” scored 9.3/10 and affected multiple app versions
- No exploit seen yet; experts warn unpatched systems remain at risk now that a fix is public
ServiceNow, one of the most popular cloud platforms for automating IT and business processes, has said that it recently patched a Critical Severity vulnerability that allowed threat actors to impersonate other users and perform arbitrary actions in their place.
The company revealed that SaaS security outfit AppOmni notified it of a critical privilege escalation vulnerability within its AI platform in October 2025. After an investigation, the company began tracking the bug as CVE-2025-12420 and gave it a severity score of 9.3/10 (Critical).
“This issue […] could allow an unauthorized user to impersonate another user and perform the actions that the impersonated user is authorized to perform,” the announcement reads. “On October 30, 2025, ServiceNow addressed this vulnerability by deploying an appropriate security update to the majority of hosted instances,” it added. “Security updates were also provided to ServiceNow customers and self-hosted customers. Additionally, the vulnerability is fixed in the specified Store App versions.”
Biggest mistake ever?
The patches were released for these versions:
Now Assist AI Agents (sn_aia) – 5.1.18 or later and 5.2.19 or later
Virtual Agent API (sn_va_as_service) – 3.15.2 or later and 4.0.4 or later
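The fixed versions above are per maintenance branch, so a naive "is my version greater than 5.1.18?" comparison gets it wrong: 5.2.5 is numerically above 5.1.18 but still below the 5.2 branch's fix at 5.2.19. The following is an added example, not ServiceNow's or AppOmni's tooling, that encodes the branch/minimum-patch table from the article and triages a constructed inventory of installed Store app versions; the inventory values and the helper names are assumptions for illustration.

```python
"""Triage installed ServiceNow Store app versions against the fixed versions
the CVE-2025-12420 advisory lists (as quoted in the article above).

The FIXED_VERSIONS table is taken from the article; the comparison logic and
the sample inventory are constructed for this example and are not ServiceNow's
own tooling.
"""

# Minimum fixed patch level per maintenance branch, as stated in the article.
# Key: Store app scope name; value: {(major, minor): minimum patch number}.
FIXED_VERSIONS = {
    "sn_aia": {(5, 1): 18, (5, 2): 19},           # Now Assist AI Agents
    "sn_va_as_service": {(3, 15): 2, (4, 0): 4},  # Virtual Agent API
}


def parse_version(text):
    """Parse 'major.minor.patch' into a tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def naive_is_fixed(app, version):
    """The mistake to avoid: compare against the lowest fixed version only.
    This wrongly reports 5.2.5 of sn_aia as fixed."""
    lowest_fixed = min((m, n, p) for (m, n), p in FIXED_VERSIONS[app].items())
    return parse_version(version) >= lowest_fixed


def assess(app, version):
    """Branch-aware check. Returns one of:
    'fixed', 'vulnerable', 'unknown-branch' (branch not listed in the advisory
    text on the page, so it needs manual verification), or 'not-in-scope'."""
    branches = FIXED_VERSIONS.get(app)
    if branches is None:
        return "not-in-scope"
    major, minor, patch = parse_version(version)
    min_patch = branches.get((major, minor))
    if min_patch is None:
        return "unknown-branch"
    return "fixed" if patch >= min_patch else "vulnerable"


def triage(inventory):
    """Map (app, version) pairs to their assessment."""
    return {(app, ver): assess(app, ver) for app, ver in inventory}


# Constructed sample inventory (not data from any real instance).
SAMPLE_INVENTORY = [
    ("sn_aia", "5.1.18"),             # exactly the 5.1 fix
    ("sn_aia", "5.2.5"),              # above 5.1.18 numerically, but below 5.2.19
    ("sn_va_as_service", "4.0.4"),    # exactly the 4.0 fix
    ("sn_va_as_service", "3.15.1"),   # one below the 3.15 fix
    ("sn_aia", "5.3.0"),              # branch not listed in the article
]

if __name__ == "__main__":
    for (app, ver), verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{app:18} {ver:8} {verdict}")
    # Show why the naive comparison is dangerous:
    print("naive says sn_aia 5.2.5 fixed:", naive_is_fixed("sn_aia", "5.2.5"))
```

Anything reported as `unknown-branch` should be checked against the vendor's own advisory rather than assumed safe; the table only encodes the branches the article names.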
So far, there is no evidence that the vulnerability is being exploited in the wild. However, it is not unusual for exploitation of a bug to begin only after a fix is released. Many cybercriminals lack the knowledge or resources to hunt for zero-days, and instead simply rely on the failure of many companies to patch their software on time.
AppOmni, which discovered the bug, called it “BodySnatcher”.
“BodySnatcher is the most serious AI-powered vulnerability disclosed to date: attackers could have effectively ‘remotely controlled’ an organization’s AI by weaponizing the tools intended to simplify the business,” one researcher said.
Via Hacker News